[tcpm] TCP Stealth - possible interest to the WG

"Scheffenegger, Richard" <rs@netapp.com> Fri, 15 August 2014 23:53 UTC

From: "Scheffenegger, Richard" <rs@netapp.com>
To: "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, "tcpinc@ietf.org" <tcpinc@ietf.org>
Date: Fri, 15 Aug 2014 23:51:47 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/3qBIt6ZJCecRnqK0fSGBdOGGQa4
Cc: Joe Touch <touch@isi.edu>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>

Hi,

I just learned about an individual submission, which is probably of interest not only to the members of these two WGs:

http://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00


On a first, casual glance, I am wondering if the authors have realized all the implications of their suggestion.

There seem to be at least two or three major issues that compromise either the working and stability of TCP, or work against the intended "stealthiness" of this modification (making it easy for an attacker to identify such sessions, provided he is able to actively interfere with segments in transit (i.e. cause certain segments to be dropped)).

Nevertheless, it might be beneficial to discuss the generic idea in a wider forum, among brighter minds than me.

Richard Scheffenegger